b'Phase II Network Operations Vulnerability Assessment\n\n(Audit Report No. 03-007, November 25, 2002)\n\nSummary\n\nPricewaterhouseCoopers Consulting (PwC), an independent professional services firm, was\nengaged by the Office of Inspector General (OIG) to perform a vulnerability assessment of the\nFederal Deposit Insurance Corporation\xe2\x80\x99s (FDIC) network operations. The work accomplished\nthrough this contract helped the OIG satisfy its Federal Information Security Management Act-\nrelated reporting requirements.\n\nThe scope of Phase II testing was specifically designed to focus on network perimeter and\ninternal network controls. PwC found that the FDIC had invested significant resources in\ndefending its network perimeter, and testing confirmed that these controls were operating\neffectively. PwC also determined that several improvements were needed in physical access\nsecurity and the protection of sensitive data.\n\nRecommendations\n\nPwC made recommendations to the Director, Division of Administration (DOA), and the Acting\nDirector, Division of Information and Resources Management (DIRM) to improve physical\naccess security and the protection of sensitive data.\n\nManagement Response\n\nDOA\xe2\x80\x99s and DIRM\xe2\x80\x99s responses to the recommendations were considered adequate.\n\nThis report addresses issues associated with information security. Accordingly, we have not\nmade, nor do we intend to make, public release of the specific contents of the report.\n\x0c'